
International Journal of Advanced Engineering Research and Technology (IJAERT) 163
Volume 3 Issue 4, April 2015, ISSN No.: 2348 – 8190

Advanced Encryption Standard with Flexible Key Set Generation for
Decryption for Data Sharing in Cloud Storage
Yogendra Kumar Verma*, Shruthika C A**
*(Computer Science & Engineering, BGSIT, BG Nagar, Karnataka, India)
** (Assistant Professor Dept. of CS&E, BGSIT, BG Nagar, Karnataka, India)

ABSTRACT
Data sharing is an important functionality in cloud storage. In this paper, we show how to securely, efficiently, and flexibly share data with others in cloud storage. We describe new public-key cryptosystems that produce constant-size ciphertexts such that efficient delegation of decryption rights for any set of ciphertexts is possible. The novelty is that one can aggregate any set of secret keys and make them as compact as a single key, while retaining the power of all the keys being aggregated. In other words, the secret key holder can release a constant-size aggregate key for a flexible choice of ciphertext set in cloud storage, while the other encrypted files outside the set remain confidential. This compact aggregate key can be conveniently sent to others or stored in a smart card with very limited secure storage. We provide a security analysis of our schemes in the standard model. We also describe other applications of our schemes.
Keywords - Cloud storage, patient-controlled encryption, data sharing

1. INTRODUCTION
Cloud storage has gained popularity recently. In enterprise settings, we see a rise in demand for data outsourcing, which assists in the strategic management of corporate data. It is also used as a core technology behind many online services for personal applications. Nowadays, it is easy to apply for free accounts for file sharing, photo albums, email and remote access, with storage sizes of more than 25 GB. Together with the latest wireless technology, users can access all of their files, data and emails from a mobile phone in any corner of the world.

Considering data security, a traditional way to handle it is to rely on the server to enforce access control after authentication (e.g., [1]), which means any unexpected privilege escalation will expose all the data. Data from different clients can be hosted on separate virtual machines (VMs) but reside on a single physical machine. Data in a target VM could be stolen by instantiating another VM co-resident with the target one. Regarding accessibility of files, there are a series of cryptographic schemes which go as far as allowing a third-party auditor to check the availability of files on behalf of the data owner without leaking anything about the data [2], or without compromising the data owner's anonymity [3]. Likewise, cloud users probably will not hold the strong belief that the cloud server is doing a good job in terms of confidentiality. A cryptographic solution, for example [4], with proven security relying on number-theoretic assumptions is more desirable whenever the user is not perfectly happy with trusting the security of the VM or the honesty of the technical staff. These users are motivated to encrypt their data with their own keys before uploading them to the server.

Data sharing with others is an important functionality in cloud storage. For example, bloggers can let their friends view a subset of their files and private pictures; an enterprise may grant its employees access to a portion of sensitive data. The main problem is how to effectively share encrypted data. A user can download the encrypted data from the storage, decrypt them and then send them to others for sharing, but this loses the value of cloud storage. Users must be able to delegate the access rights of the shared data to others so that they can access these data from the server directly. However, finding an efficient and secure way to share partial data in cloud storage is not trivial. Below we take Dropbox as an example for illustration.

Consider that Alice puts all her private photos and files on Dropbox, and she does not want to expose her photos to others. Due to the many possibilities of data leakage, Alice cannot feel relieved by just relying on the privacy protection mechanisms provided by Dropbox, so she encrypts all those photos using her own keys before uploading the files. One day, Alice's friend Bob asks her to share the photos and files taken over all these years which Bob appeared in. Alice can use the share function of the Dropbox application, but the problem now is how to share the decryption rights for these photos with Bob. One option is for Alice to securely send Bob the secret keys. Generally, there are two straightforward ways for her under the traditional encryption paradigm: Alice encrypts all photos and files with a single
encryption key and gives Bob the corresponding secret key directly, or Alice encrypts files with distinct keys and sends Bob the corresponding secret keys. Of course, the first method is inadequate since all unchosen data may also be leaked to Bob. Encryption keys also come in two flavors: symmetric-key or public-key. Using symmetric-key encryption, when Alice wants her data to originate from a third party, she has to give the encryptor her secret key, which is of course not always desirable. Public-key encryption provides more flexibility for our applications. Therefore, the better solution to the above problem is that Alice encrypts files with distinct public keys, but only sends Bob a single (constant-size) decryption key. Since the decryption key must be sent via a secure channel and kept secret, a small key size is always desirable. For example, we cannot expect large storage for decryption keys in resource-constrained devices like smart cards, smart phones or wireless sensor nodes.
1.1 Our Contributions
In modern cryptography, a fundamental problem we often study is leveraging the secrecy of a small piece of knowledge into the ability to perform cryptographic functions (e.g., encryption, authentication) multiple times. We study how to design a decryption key that is more powerful in the sense that it allows decryption of many ciphertexts, without increasing its size.

Fig. 1. Alice shares the files with identifiers 2, 3, 6, and 8 with Bob by providing him a single compact key.
Specifically, our problem statement is: "To design an efficient public-key encryption scheme which supports flexible delegation in the sense that any subset of the ciphertexts is decryptable by a constant-size decryption key." We solve this problem by using a special type of public-key encryption which we call a constant-size key cryptosystem. In this cryptosystem, users encrypt a message under a public key. The key extracted for a set of classes is an aggregate key: it is as compact as a secret key for a single class, but aggregates the power of many such keys, that is, the decryption power for any subset of ciphertext classes. With our solution, Alice can simply send Bob a single aggregate key via a secure e-mail. Bob can download the encrypted photos and files from Alice's Dropbox space and then use this aggregate key to decrypt them. The scenario is depicted in Fig. 1. The sizes of the ciphertext, master secret key, public key and aggregate key in our schemes are all constant. The system parameters have size linear in the number of ciphertext classes, but only a small part is needed each time and it can be fetched on demand from large cloud storage. Earlier results may achieve a similar property featuring a constant-size decryption key, but the classes must conform to some predefined hierarchical relationship. Our work is more flexible in the sense that this constraint is removed, that is, no special relation is required between the classes. We propose several concrete schemes with different security levels and extensions in this paper. All constructions can be proven secure in the standard model. To the best of our knowledge, our aggregation mechanism has not been investigated before.

2. KEY AGGREGATE ENCRYPTION

We first give the framework and definition for key-aggregate encryption. Then we describe in detail how to use it in a data-sharing scenario in cloud storage.
2.1 Framework
A key-aggregate encryption scheme consists of the following algorithms. The data owner establishes the public system parameter and generates a public/master-secret key pair via KeyGen. Messages can be encrypted using AES by anyone who also decides which ciphertext class the plaintext message belongs to. The data owner can use the master secret to generate an aggregate decryption key for a subset of ciphertext classes via Extract. The generated keys can be passed to delegatees securely (via secure e-mails or secure devices); after that, any user with an aggregate key can decrypt, via Decrypt, any ciphertext whose class is contained in the aggregate key. KeyGen is executed by the data owner to randomly generate a public/master-secret key pair. Encryption is executed by anyone who wants to encrypt data. Extract is executed by the data owner to delegate the decrypting power for a fixed set of ciphertext classes to a delegatee; it outputs the aggregate key for the set S, denoted by K_S. Decrypt is executed by a delegatee who received an aggregate key K_S generated by Extract.

2.2 Sharing Encrypted Data
A canonical application is data sharing. The key aggregation property is especially useful when we want the delegation to be efficient and flexible. The schemes enable a content provider to share her data in a confidential and selective way, with a fixed and small ciphertext expansion, by distributing to each authorized user a single small aggregate key.

Fig. 2. Using CSKC for data sharing in cloud storage.
Here we describe the main idea of data sharing in cloud storage using CSKC (Constant Size Key Cryptosystem), illustrated in Fig. 2. Suppose Alice wants to share her data m1, m2 on the server. She first executes KeyGen to get the public/master-secret key pair: KeyGen randomly generates a public key and a master key for Alice, and she must keep the master key secret. Anyone can then encrypt data using AES under the keys produced by KeyGen. The encrypted data are uploaded to the server. Whenever Alice wants to share a set S of her data with a friend Bob, she can compute the aggregate key AK for Bob by performing Extract. Since AK is just a constant-size key, it is easy to send to Bob via a secure e-mail. After obtaining the constant-size key, Bob can download and decrypt the data he is authorized to access.

3. RELATED WORKS

In this section we compare our scheme with other possible solutions for sharing in secure cloud storage.
3.1 Cryptographic Keys for a Predefined Hierarchy
Cryptographic key assignment schemes aim to minimize the expense of storing and managing secret keys for general cryptographic use (e.g., [7], [8]). Utilizing a tree structure, a key for a given branch can be used to derive the keys of its descendant nodes (but not the other way round). Just granting the parent key implicitly grants all the keys of its descendant nodes. Sandhu proposed a method to generate a tree hierarchy of symmetric keys by using repeated evaluations of a block cipher on a fixed secret. The concept can be generalized from a tree to a graph. More advanced cryptographic key assignment schemes support access policies that can be modeled by an acyclic graph or a cyclic graph. Most of these schemes produce keys for symmetric-key cryptosystems, even though the key derivations may require modular arithmetic as used in public-key cryptosystems, which is generally more expensive than "symmetric-key operations" such as pseudorandom function evaluation.

Take the tree structure as an example. Alice can first classify the ciphertext classes according to their subjects. Each node in the tree represents a secret key, while the leaf nodes represent the keys for individual ciphertext classes. Filled circles represent the keys for the classes to be delegated, and circles surrounded by dotted lines represent the keys to be granted. For the delegatee in our example, the number of granted secret keys becomes the same as the number of classes. In general, hierarchical approaches can solve the problem partially if one intends to share all files under a certain branch in the hierarchy. On average, the number of keys increases with the number of branches. It is unlikely that one can come up with a hierarchy that saves on the total number of keys to be granted for all individuals (who may access different sets of leaf nodes) simultaneously.
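As an added illustration of the tree approach described above (example code written for this page, not from the paper or from Sandhu's scheme): child keys are derived from a parent key with a PRF, so one granted node key yields its whole subtree, and a helper counts how many node keys a delegatee must be given to cover an arbitrary set of leaf classes. The root secret, the binary tree shape and the 1-based leaf numbering are assumptions of the example.

```python
"""Tree-structured key assignment: a node key yields every descendant key.

Constructed example. Child keys are derived from the parent key with a
PRF (HMAC-SHA256 stands in for the block-cipher evaluations of the text),
so one granted node key implicitly grants its whole subtree, while the
parent key cannot be recovered from a child. keys_to_grant() then shows
how many node keys a delegatee needs for an arbitrary set of leaf
classes, which is the limitation the text points out.
"""
import hmac
from hashlib import sha256

# Constructed root secret for a deterministic demo; a real system draws
# it at random and keeps it with the data owner only.
ROOT_KEY = sha256(b"demo root secret (constructed)").digest()


def child_key(parent_key: bytes, branch: str) -> bytes:
    """PRF evaluation: derive the key of the child reached via `branch`."""
    return hmac.new(parent_key, branch.encode(), sha256).digest()


def node_key(path: str) -> bytes:
    """Key of the node reached from the root by a string of '0'/'1' branches.

    The owner runs this from ROOT_KEY; a delegatee holding the key of a
    prefix of `path` can run only the remaining steps with child_key().
    """
    key = ROOT_KEY
    for branch in path:
        key = child_key(key, branch)
    return key


def leaf_path(leaf: int, depth: int) -> str:
    """Leaf classes are numbered 1..2**depth from left to right."""
    return format(leaf - 1, f"0{depth}b")


def keys_to_grant(leaves: set, depth: int) -> list:
    """Minimal set of node paths whose subtrees cover exactly `leaves`.

    Bottom-up: whenever both children of a node are fully granted, the
    delegatee can be given the parent key instead of the two child keys.
    """
    granted = {leaf_path(leaf, depth) for leaf in leaves}
    for level in range(depth, 0, -1):
        parents = set()
        for path in granted:
            if len(path) != level:
                continue
            sibling = path[:-1] + ("1" if path[-1] == "0" else "0")
            if sibling in granted:
                parents.add(path[:-1])
        for parent in parents:
            granted -= {parent + "0", parent + "1"}
            granted.add(parent)
    return sorted(granted, key=lambda p: (len(p), p))


def can_derive(granted: list, leaf: int, depth: int) -> bool:
    """True iff one of the granted node keys is an ancestor-or-self of the leaf."""
    path = leaf_path(leaf, depth)
    return any(path.startswith(p) for p in granted)


if __name__ == "__main__":
    # Fig. 1's delegation (classes 2, 3, 6 and 8 out of 8) needs one key per
    # class, whereas a whole branch such as classes 1..4 needs a single key.
    print(keys_to_grant({2, 3, 6, 8}, 3))   # ['001', '010', '101', '111']
    print(keys_to_grant({1, 2, 3, 4}, 3))   # ['0']
```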
3.2 Compact Key in Symmetric-Key Encryption
Motivated by the same problem of supporting flexible hierarchy in decryption power delegation (but in the symmetric-key setting), Benaloh et al. [9] presented an encryption scheme which was originally proposed for concisely transmitting a large number of keys in the broadcast scenario. The construction is simple, and we briefly review its key derivation process here for a concrete description of the desirable properties we want to achieve. The derivation of the key for a set of classes (which is a subset of all possible ciphertext classes) is as follows. A composite modulus N = pq is chosen, where p and q are two large random primes. A master secret key Y is chosen at random from Z_N. Each class i is associated with a distinct prime e_i. All these prime numbers can be put in the public system parameter.
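The derivation just described, carried through as an added example (written for this page; it follows the Benaloh et al. construction as it is usually stated, not code from the paper), and used to play out the KeyGen/Extract/Decrypt steps of Sections 2.1 and 2.2 for Alice's set S = {2, 3, 6, 8}: the aggregate key for S is a single element of Z_N whatever the size of S, and the delegatee can expand it only into the keys of classes inside S. The modulus, the exact exponent formulas and the hashing of a class key into an AES key are assumptions of the example, and the primes are far too small for real use.

```python
"""Constant-size aggregate key in the symmetric-key setting (Benaloh et al. style).

Constructed example. With modulus N = p*q, master secret Y in Z_N and a
distinct public prime e_i per ciphertext class, the example uses
    k_S = Y^(prod of e_j for j not in S) mod N              (Extract)
    k_i = k_S^(prod of e_j for j in S, j != i) mod N        (Decrypt side)
so that k_i equals Y^(prod of e_j for j != i) mod N, the key the owner
computes for class i directly. Obtaining k_i for i outside S from k_S
would require an e_i-th root modulo N, i.e. factoring N. The primes
below are tiny so the run is deterministic; they give no security.
"""
from functools import reduce
from hashlib import sha256
from math import gcd
import secrets

# Constructed toy modulus; real deployments use random primes of >= 1024 bits.
P, Q = 1_000_003, 1_000_037
N = P * Q
PHI = (P - 1) * (Q - 1)


def product(xs) -> int:
    return reduce(lambda a, b: a * b, xs, 1)


def class_primes(n_classes: int) -> dict:
    """Public system parameter: class id (1-based) -> distinct prime e_i.

    Primes dividing phi(N) are skipped, as e_i-th roots must be unique.
    """
    es, cand = {}, 2
    while len(es) < n_classes:
        is_prime = all(cand % d for d in range(2, int(cand ** 0.5) + 1))
        if is_prime and gcd(cand, PHI) == 1:
            es[len(es) + 1] = cand
        cand += 1
    return es


def keygen() -> int:
    """KeyGen: the owner's master secret Y, uniform in [2, N-1]."""
    return secrets.randbelow(N - 2) + 2


def extract(master: int, es: dict, subset: set) -> int:
    """Extract: constant-size aggregate key k_S for the class subset S."""
    return pow(master, product(e for i, e in es.items() if i not in subset), N)


def owner_class_key(master: int, es: dict, i: int) -> int:
    """The owner's view of class i's key, computed straight from Y."""
    return pow(master, product(e for j, e in es.items() if j != i), N)


def delegatee_class_key(k_s: int, es: dict, subset: set, i: int) -> int:
    """Decrypt side: expand k_S into class i's key; only defined for i in S."""
    if i not in subset:
        raise ValueError(f"class {i} is outside the delegated set {sorted(subset)}")
    return pow(k_s, product(e for j, e in es.items() if j in subset and j != i), N)


def symmetric_key(class_key: int) -> bytes:
    """Hash a class key down to a 256-bit key for AES (or any symmetric cipher)."""
    return sha256(class_key.to_bytes((N.bit_length() + 7) // 8, "big")).digest()


if __name__ == "__main__":
    es = class_primes(8)
    y = keygen()
    shared = {2, 3, 6, 8}                     # Alice's choice, as in Fig. 1
    k_s = extract(y, es, shared)              # one element of Z_N, sent to Bob
    for i in shared:
        assert delegatee_class_key(k_s, es, shared, i) == owner_class_key(y, es, i)
    print("aggregate key for", sorted(shared), "is", k_s.bit_length(), "bits")
```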

This approach achieves similar properties and performance as our schemes. However, it is designed for the symmetric-key setting instead. The encryptor needs to obtain the corresponding secret keys to encrypt data, which is not suitable for many applications. Since their method is used to generate a secret value rather than a pair of public/secret keys, it is unclear how to apply this idea to a public-key encryption scheme. Finally, we note that there are schemes which try to reduce the key size for achieving authentication in symmetric-key encryption. However, sharing of decryption power is not a concern in these schemes.
3.3 Compact Key in Identity-Based Encryption (IBE)
IBE (e.g., [10], [11]) is a type of public-key encryption in which the public key of a user can be set as an identity string of the user (e.g., an email address). There is a trusted party called the private key generator in IBE which holds a master-secret key and issues a secret key to each user with respect to the user identity. The encryptor can take the public parameter and a user identity to encrypt a message. The recipient can decrypt this ciphertext with his secret key. Prior work tried to build IBE with key aggregation. One of their schemes assumes random oracles but another does not. In their schemes, key aggregation is constrained in the sense that all keys to be aggregated must come from different "identity divisions." While there are an exponential number of identities and thus secret keys, only a polynomial number of them can be aggregated. Most importantly, their key aggregation comes at the expense of sizes, depending on n, for both the ciphertexts and the public parameter, where n is the number of secret keys which can be aggregated into a constant-size one. This greatly increases the costs of storing and transmitting ciphertexts, which is impractical in many situations such as shared cloud storage.

As we mentioned, our schemes feature constant ciphertext size, and their security holds in the standard model. In fuzzy IBE, one single compact secret key can decrypt ciphertexts encrypted under many identities which are close in a certain metric space, but not for an arbitrary set of identities and, therefore, it does not match our idea of key aggregation.
3.4 Other Encryption Schemes
Attribute-based encryption (ABE) [12] allows each ciphertext to be associated with an attribute, and the master-secret key holder can extract a secret key for a policy over these attributes so that a ciphertext can be decrypted by this key if its associated attribute conforms to the policy. For example, with the secret key for a policy covering these classes, one can decrypt ciphertexts tagged with class 2, 3, 6, or 8. However, the major concern in ABE is collusion resistance, not the compactness of secret keys. Indeed, the size of the key often increases linearly with the number of attributes it encompasses, or the ciphertext size is not constant. To delegate the decryption power of some ciphertexts without sending the secret key to the delegatee, a useful primitive is proxy re-encryption (PRE) (e.g., [13]). A PRE scheme allows Alice to delegate to the server (proxy) the ability to convert the ciphertexts encrypted under her public key into ones for Bob. PRE is well known to have numerous applications including cryptographic file systems.

Nevertheless, Alice has to trust the proxy to convert ciphertexts only according to her instructions, which is what we want to avoid in the first place. Even worse, if the proxy colludes with Bob, some form of Alice's secret key can be recovered which can decrypt Alice's (convertible) ciphertexts without Bob's further help. That also means that the transformation key of the proxy must be well protected. Using PRE just moves the secure key storage requirement from the delegatee to the proxy. It is thus undesirable to let the proxy reside in the storage server.

4. CONCLUSIONS AND FUTURE WORK
How to protect users' data privacy is a central question of cloud storage. With more mathematical tools, cryptographic schemes are getting more versatile and often involve multiple keys for a single application. We consider how to "compress" secret keys in public-key cryptosystems which support delegation of secret keys for different ciphertext classes in cloud storage. No matter which one among the
power set of classes is chosen, the delegatee can always get an aggregate key of constant size. Our approach is more flexible than hierarchical key assignment, which can only save space if all key holders share a similar set of privileges. A limitation of our work is the predefined bound on the maximum number of ciphertext classes. In cloud storage, the number of ciphertexts usually grows rapidly, so we have to reserve enough ciphertext classes for future extension; otherwise, we need to expand the public key. Although the parameter can be downloaded with the ciphertexts, it would be better if its size were independent of the maximum number of ciphertext classes. On the other hand, when one carries the delegated keys around in a mobile device without using special trusted hardware, the key is prone to leakage; designing a leakage-resilient cryptosystem [6] that still allows efficient and flexible key delegation is also an interesting direction.

REFERENCES
[1] S.S.M. Chow, Y.J. He, L.C.K. Hui, and S.-M. Yiu, "SPICE – Simple Privacy-Preserving Identity-Management for Cloud Environment," Proc. 10th Int'l Conf. Applied Cryptography and Network Security (ACNS), vol. 7341, pp. 526-543, 2012.
[2] C. Wang, S.S.M. Chow, Q. Wang, K. Ren, and W. Lou, "Privacy-Preserving Public Auditing for Secure Cloud Storage," IEEE Trans. Computers, vol. 62, no. 2, pp. 362-375, Feb. 2013.
[3] B. Wang, S.S.M. Chow, M. Li, and H. Li, "Storing Shared Data on the Cloud via Security-Mediator," Proc. IEEE 33rd Int'l Conf. Distributed Computing Systems (ICDCS), 2013.
[4] S.S.M. Chow, C.-K. Chu, X. Huang, J. Zhou, and R.H. Deng, "Dynamic Secure Cloud Storage with Provenance," Cryptography and Security, pp. 442-464, Springer, 2012.
[5] D. Boneh, C. Gentry, B. Lynn, and H. Shacham, "Aggregate and Verifiably Encrypted Signatures from Bilinear Maps," Proc. 22nd Int'l Conf. Theory and Applications of Cryptographic Techniques (EUROCRYPT '03), pp. 416-432, 2003.
[6] T.H. Yuen, S.S.M. Chow, Y. Zhang, and S.M. Yiu, "Identity-Based Encryption Resilient to Continual Auxiliary Leakage," Proc. Advances in Cryptology Conf. (EUROCRYPT '12), vol. 7237, pp. 117-134, 2012.
[7] S.G. Akl and P.D. Taylor, "Cryptographic Solution to a Problem of Access Control in a Hierarchy," ACM Trans. Computer Systems, vol. 1, no. 3, pp. 239-248, 1983.
[8] G.C. Chick and S.E. Tavares, "Flexible Access Control with Master Keys," Proc. Advances in Cryptology (CRYPTO '89), vol. 435, pp. 316-322, 1989.
[9] J. Benaloh, M. Chase, E. Horvitz, and K. Lauter, "Patient Controlled Encryption: Ensuring Privacy of Electronic Medical Records," Proc. ACM Workshop Cloud Computing Security (CCSW '09), pp. 103-114, 2009.
[10] D. Boneh and M.K. Franklin, "Identity-Based Encryption from the Weil Pairing," Proc. Advances in Cryptology (CRYPTO '01), vol. 2139, pp. 213-229, 2001.
[11] A. Sahai and B. Waters, "Fuzzy Identity-Based Encryption," Proc. 22nd Int'l Conf. Theory and Applications of Cryptographic Techniques (EUROCRYPT '05), vol. 3494, pp. 457-473, 2005.
[12] V. Goyal, O. Pandey, A. Sahai, and B. Waters, "Attribute-Based Encryption for Fine-Grained Access Control of Encrypted Data," Proc. 13th ACM Conf. Computer and Comm. Security (CCS '06), pp. 89-98, 2006.
[13] R. Canetti and S. Hohenberger, "Chosen-Ciphertext Secure Proxy Re-Encryption," Proc. 14th ACM Conf. Computer and Comm. Security (CCS '07), pp. 185-194, 2007.
Yogendra Kumar Verma received the B.E. degree in Computer Science from VTU Karnataka in 2013, and currently he is a post graduate student pursuing M.Tech in Computer Science and Engineering at B.G.S Institute of Technology, B G Nagar, Mandya, under Visvesvaraya Technological University Karnataka. He has presented 4 papers in National Conferences; his main research interests include computer networks, cloud computing and wireless sensor networks. He is currently doing his project in Cloud Computing.
